Why can't I update the default tenants smtp parameters through the API?

laurent.michel

I am using the single, default tenant defined by fusionauth :

I installed fusionauth with the following kickstart:

{
  "apiKeys": [
    {
      "description": "Almighty API Key",
      "key": "#{almightyApiKey}"
    },
    {
      "description": "Serverless API Key",
      "key": "#{serverlessApiKey}",
      "permissions": {
        "endpoints": {
          "/api/jwt/validate": [
            "POST"
          ],
          "/api/login": [
            "POST"
          ],
          "/api/user": [
            "POST",
            "DELETE"
          ],
          "/api/user/registration": [
            "POST"
          ]
        }
      }
    }
  ],
  "requests": [
    {
      "body": {
        "registration": {
          "applicationId": "#{FUSIONAUTH_APPLICATION_ID}",
          "roles": [
            "admin"
          ]
        },
        "user": {
          "email": "#{adminEmail}",
          "password": "#{adminPassword}"
        }
      },
      "method": "POST",
      "url": "/api/user/registration"
    },
    {
      "body": {
        "emailTemplate": {
          "defaultHtmlTemplate": "To change your password use the following token:\n\n<p>changePasswordId=${changePasswordId}</p>",
          "defaultSubject": "Reset your password",
          "defaultTextTemplate": "To change your password use the following token: \n\nchangePasswordId=${changePasswordId}",
          "name": "Forgot Password"
        }
      },
      "method": "POST",
      "url": "/api/email/template/#{forgotPasswordEmailTemplateId}"
    },
    {
      "body": {
        "emailTemplate": {
          "defaultHtmlTemplate": "Your account has been created and you must setup a password. Use the following token to setup your password:\n\n<p>changePasswordId=${changePasswordId}</p>",
          "defaultSubject": "Setup your password",
          "defaultTextTemplate": "Your account has been created and you must setup a password. Use the following token to setup your password: \n\nchangePasswordId=${changePasswordId}",
          "name": "Setup Password"
        }
      },
      "method": "POST",
      "url": "/api/email/template/#{setPasswordEmailTemplateId}"
    },
    {
      "body": {
        "emailTemplate": {
          "defaultHtmlTemplate": "[#if user.verified]\nPro tip, your email has already been verified, but feel free to complete the verification process to verify your verification of your email address.\n[/#if]\n\nTo complete your email verification use the following token:\n\n<p>${verificationId}</p>",
          "defaultSubject": "Verify your email address",
          "defaultTextTemplate": "[#if user.verified]\nPro tip, your email has already been verified, but feel free to complete the verification process to verify your verification of your email address.\n[/#if]\n\nTo complete your email verification use the following token:\n\n${verificationId}",
          "name": "Email Verification"
        }
      },
      "method": "POST",
      "url": "/api/email/template/#{verificationEmailTemplateId}"
    },
    {
      "body": {
        "emailTemplate": {
          "defaultHtmlTemplate": "[#if registration.verified]\nPro tip, your registration has already been verified, but feel free to complete the verification process to verify your verification of your registration.\n[/#if]\n\nTo complete your registration verification use the following token: \n<p>${verificationId}</p>",
          "defaultSubject": "Verify your registration",
          "defaultTextTemplate": "[#if registration.verified]\nPro tip, your registration has already been verified, but feel free to complete the verification process to verify your verification of your registration.\n[/#if]\n\nTo complete your registration verification use the following token: \n\n${verificationId}",
          "name": "Registration Verification"
        }
      },
      "method": "POST",
      "url": "/api/email/template/#{registrationVerificationEmailTemplateId}"
    },
    {
      "body": {
        "tenant": {
          "emailConfiguration": {
            "defaultFromEmail": "#{fromEmail}",
            "defaultFromName": "#{fromName}",
            "forgotPasswordEmailTemplateId": "#{forgotPasswordEmailTemplateId}",
            "host": "#{mailServerHost}",
            "password": "#{mailServerPassword}",
            "port": "#{mailServerPort}",
            "security": "#{mailServerSecurity}",
            "setPasswordEmailTemplateId": "#{setPasswordEmailTemplateId}",
            "username": "#{mailServerUsername}",
            "verificationEmailTemplateId": "#{verificationEmailTemplateId}",
            "verificationStrategy": "FormField",
            "verifyEmail": true,
            "verifyEmailWhenChanged": true
          },
          "issuer": "#{issuer}",
          "name": "Default",
          "userDeletePolicy": {
            "unverified": {
              "enabled": true,
              "numberOfDaysToRetain": 1
            }
          }
        }
      },
      "method": "PATCH",
      "url": "/api/tenant/#{defaultTenantId}"
    },
    {
      "body": {
        "lambda": {
          "body": "function populate(jwt, user, registration) { jwt['#{hasuraClaimsNamespace}'] = { 'x-hasura-allowed-roles': jwt.roles, 'x-hasura-default-role': jwt.roles[0], 'x-hasura-user-id': user.id }; }",
          "debug": true,
          "enabled": true,
          "name": "hasura",
          "type": "JWTPopulate"
        }
      },
      "method": "POST",
      "url": "/api/lambda/#{hasuraLambdaId}"
    }
  ],
  "variables": {
    "adminEmail": "admin@company.com",
    "adminPassword": "my admin password",
    "almightyApiKey": "24114b81-4207-4b02-bcd5-3bbbb91a66e7",
    "defaultTenantId": "9d72d134-464e-4542-a42f-6b0ac602f0d2",
    "forgotPasswordEmailTemplateId": "#{UUID()}",
    "fromEmail": "no-reply@company.com",
    "fromName": "Company",
    "hasuraClaimsNamespace": "https://hasura.io/jwt/claims",
    "hasuraLambdaId": "#{UUID()}",
    "issuer": "company.com",
    "mailServerHost": "smtp-host",
    "mailServerPassword": "smtp-pwd",
    "mailServerPort": 1025,
    "mailServerSecurity": "NONE",
    "mailServerUsername": "smtp-user",
    "registrationVerificationEmailTemplateId": "#{UUID()}",
    "serverlessApiKey": "42f41c94-e41a-492c-891c-c85f2204c639",
    "setPasswordEmailTemplateId": "#{UUID()}",
    "verificationEmailTemplateId": "#{UUID()}"
  }
}

I have defined a super-user api key:

Using that key, with python fusionauth client, I am trying to get all tenants like this:

response = client.retrieve_tenants()
tenants = response.success_response['tenants']

I get None tenants. Why? I was expecting to see my default tenant here. Then, if I grab my default tenant id and use it like this:

request = {
        'tenant': {
            'emailConfiguration': {
            'host': hostname,
            'port': port,
            'username': username,
            'password': password,
            'security': 'SSL' if enable_ssl == 'true' else 'NONE',
        }
    }
}
response = client.update_tenant(tenant_id, request)

then I get response.status == 405 which is not documented in your documentation. Why do I get that status? How can I update my default tenant's smtp parameters through the API? If I do it through the FusionAuth dashboard, then it works.

I am working with FusionAuth version 1.32.1.

Thanks in advance for your help!

laurent.michel

If I don't use the python client, but rather do this:

curl -X PATCH http://my-fusionauth-hostname.com/api/tenant/135ccc5c-17b9-414b-9538-65d77e53a0c0
     -H 'Content-Type: application/json'
     -H 'Accept: application/json'
     -H 'Authorization: CrH00Hgsp1yj1NKyGHGwxS8xKpoJh9gwNcOKful4'
     -d '{ "tenant": { "emailConfiguration": { "host": "smtp-host", "port": 8080, "username": "the-username", "password": "password", "security": "SSL" } } }'

Then it works.

laurent.michel

If I do

curl http://docker122445-env-0749025.hidora.com/api/tenant
   -H "Accept: application/json"
   -H 'Authorization: CrH00Hgsp1yj1NKyGHGwxS8xKpoJh9gwNcOKful4'

then I get my default tenant.

laurent.michel

I was able to gather that

response = client.retrieve_tenants()
tenants = response.success_response['tenants']

returns None because I created the fusionauth client like this:

client = FusionAuthClient(args.api_key, args.api_url)

with api_url ending with trailing slash. Interestingly,

response.was_successful()

is true. I still have no explanation for the other call.

laurent.michel

Without the trailing slash in fusionauth api url, I get a 400 status code for call

request = {
        'tenant': {
           'emailConfiguration': {
            'host': hostname,
            'port': port,
            'username': username,
            'password': password,
            'security': 'SSL' if enable_ssl == 'true' else 'NONE',
        }
    }
}
response = client.update_tenant(tenant_id, request)

The printed value of the request variable is

{'tenant': {'emailConfiguration': {'host': 'my-smtp-host', 'port': 8081, 'username': 'laurent', 'password': '1234', 'security': 'SSL'}}}

laurent.michel

long story short: this works:

request = {
    'tenant': {
            'emailConfiguration': {
            'host': hostname,
            'port': port,
            'username': username,
            'password': password,
            'security': 'SSL' if enable_ssl == 'true' else 'NONE',
        }
    }
}
headers = {'content-type': 'application/json', 'authorization': api_key}
response = requests.patch(f'{api_url}/api/tenant/{tenant_id}', data=json.dumps(request), headers=headers)

i.e. I receive status 200, but this doesn't:

request = {
        'tenant': {
            'emailConfiguration': {
                'host': hostname,
                'port': port,
                'username': username,
                'password': password,
                'security': 'SSL' if enable_ssl == 'true' else 'NONE',
        }
    }
}

response = client.update_tenant(tenant_id, request)

i.e. I receive status 400.

dan

@laurent-michel

Hmmm.

I am not super familiar with the requests library, but a patch in general is different from what update_tenant does. Does the 400 happen if you run patch_tenant?

laurent.michel

@dan hmmm I did not see that method. I'll give a try. I'm pretty sure it will work. Thanks for the hint!

laurent.michel

@dan I can confirm it's working as expected. Thanks for your useful advice.

dan

@laurent-michel Great to hear!